Monitor > Packet Capture

All Palo Alto Networks firewalls have a built-in packet capture (pcap) feature you can use to capture packets that traverse the network interfaces on the firewall. You can then use the captured data for troubleshooting purposes or to create custom application signatures.
The packet capture feature is CPU-intensive and can degrade firewall performance. Only use this feature when necessary and make sure to turn it off after you collect the required packets.
What do you want to know?
What are the different methods the firewall can use to capture packets?
How do I generate a custom packet capture?
How do I generate packet captures when the firewall detects a threat?
Where do I download a packet capture?
Looking for more?
  • Turn on extended packet capture for security profiles.
  • Use packet capture to write custom application signatures.
  • Prevent a firewall admin from viewing packet captures.
  • See an example.

Recommended For You